testing hcn for pram michael jones, ganesh gopalakrishnan university of utah, school of computing
Post on 20-Dec-2015
214 views
TRANSCRIPT
Outline
• Goals: – re-use an abstraction for branching topologies– combine test model checking and abstraction
• How HCN works
• What was verified and how
• Discussion
HCN
• Directory-based hierarchical caching netw.
• Obeys sequential consistency, and PRAM is weaker than SC.
• Written by Arvind and Xiaowei Shen
Testing for PRAM
• Any 3 processors
• Located anywhere in any HCN network
• Sharing a single address
• Always satisfy PRAM
• Abstraction to cover all networks
• Test model check for PRAM with N=3.
Testing for PRAM
• # Procs sharing address: 3
• # Procs in system: arbitrary
• # Caches in system: arbitrary
• # Addresses being shared 1
• # Addresses in system arbitrary
• Property mem model
Abstraction Recipe
1. Throw away enough transactions and structure, and...
2. Merge enough structure to get a finite state model.
3. Add enough non-determinism to get same behavior on remaining observed state
(Inspired by trace inclusion refinement)
Why the Recipe Works
For some class of protocols, a “nice amount” of non-determinism is required to capture all behaviors of the observed state in the reduced model
Modeling a TRS in MurRule "receive wb rep and send sh rep"
(trec[addr].req = sh_req & hd_in.opc = wb_rep &
hd_in.addr = addr & state[addr] = ex_w &
(current_writer(addr,m) = hd_in.src))
==>
var rep_msg : tMsg ; begin
rep_msg.opc := sh_rep; rep_msg.src := m;
rep_msg.dst := trec[addr].id; rep_msg.addr := addr;
rep_msg.data := hd_in.data;
enqueue (outq, rep_msg);
state[addr] := ex_r;
add_to_dir (addr, trec[addr].id, m, dir);
add_to_dir (addr, hd_in.src, m, dir);
clearTrec (addr,trec); delete (inq, 0);
end;
receive-wb-rep-and-send-sh-rep
<id,Cell(a,u,(Ex,W(idk)))|m,
Msg(idk,id,Wbrep,a,v)+i,o,
Trec(a,(idp,Sh-req))|t>
<id,Cell(a,v,(Ex,R(idk|idj)))|m,
i,o+Msg(id,idj,sh-rep,a,v),
t>
Testing for PRAM
wr(A,2)rd(A,-)
wr(A,2)rd(A,-)
rd(A,1)
rd(A,0)E
wr(A,0)rd(A,-)
wr(A,1)rd(A,-)
wr(A,1)
rd(A,1)
rd(A,1)
E
wr(A,1)rd(A,-)
rd(A,0)
rd(A,0)Model
Checker
Model Checking Results
P P Q
P Q P
P P Q
States CPU time (sec)
110,995 87.57
Total 881,467 435.48
151,598 65.51
618,874 282.40
Discussion
at least one error in which topology matters
• Abstraction carried over nicely to a non-PCI protocol.
• N=4 and 2 addresses: both too big.– only explore several million states per model
• Abstraction + test model checking =
more general results.
Cache State Encoding
StateAddress Value Cache Home
cell cellcell...cell
“Cstate”: Shared or exclusive wrt siblings“Horizontal” state
Sh = shared with siblingsEx = has an exclusive copy.
Cache State Encoding
StateAddress Value Cache Home
cell cellcell...cell
“Hstate”: Which children have cached the state and why“Vertical” state
R(dir) = all children in dir have shared copies for readingW(id) = the child id has an exclusive copy for writting
Testing for PRAM
wr(A,2)rd(A,-)
wr(A,2)
rd(A,-)
rd(A,1)
rd(A,0)E
wr(A,0)rd(A,-)
wr(A,1)rd(A,-)
wr(A,1)
rd(A,1)
rd(A,1)
E
wr(A,1)rd(A,-)
rd(A,0)
rd(A,0)